You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/08/27 11:40:00 UTC
[jira] [Commented] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16593540#comment-16593540 ]
ASF subversion and git services commented on ISIS-1635:
-------------------------------------------------------
Commit 02dd6ae7e2bf67d7fbc4cc13037f5db3a20f5389 in isis's branch refs/heads/master from [~hobrom]
[ https://gitbox.apache.org/repos/asf?p=isis.git;h=02dd6ae ]
ISIS-1635: resteasy plugin v3 fixed to support 3.1.4.Final
> Upgrade dependency to resteasy
> ------------------------------
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
> Affects Versions: 1.14.0
> Reporter: Jörg Rade
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M2
>
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
> <dependency>
> <groupId>org.jboss.resteasy</groupId>
> <artifactId>resteasy-jaxb-provider</artifactId>
> <version>3.1.3.Final</version>
> </dependency>
> <dependency>
> <groupId>org.jboss.resteasy</groupId>
> <artifactId>resteasy-jackson-provider</artifactId>
> <version>3.1.3.Final</version>
> </dependency>
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)